logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
Seth  
#1 Posted : Friday, March 3, 2017 9:21:18 PM(UTC)
Seth


Rank: Newbie

Joined: 6/20/2014(UTC)
Posts: 5
United States

I was more than happy with everything until last night when the ssl certificate for 4.4 expired and broke everything.

In 4.4, getting session info for all of the variables you needed for the .jnlp file could be gotten easily with:

curl -s http://host.name:port/Service.ashx/GetGuestSessionInfo/ABCD

That provided you with the session ID, support group and everything else needed for the session with the secure code ABCD

Then, modify the .jnlp file to add those variables and run the .jnlp file from the command line and Tada. Click RUN on the java popup, and you're connected.


That being said, we now have machines deployed hours away, and the main method of supporting these customers is to use screenconnect. We use it daily.

A:
Is there a simple way to get 6.1 to accept connections at the same URL and format as 4.4? Then we don't have to change any of the guest machines.

B:
If not, why not? Why should the API and interface change every version when it appears its the same variables needed?


Scott  
#2 Posted : Friday, March 3, 2017 9:36:28 PM(UTC)
Scott


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,398
United States

Thanks: 3 times
Was thanked: 297 time(s) in 255 post(s)
Quote:
Is there a simple way to get 6.1 to accept connections at the same URL and format as 4.4? Then we don't have to change any of the guest machines.

Unlikely, unfortunately, and for a number of reasons.

In 6.0 we hardened the web server and one of the changes was to disallow parameters from being passed within the request URL itself. They can only be passed within the request's body and I believe they must be of type application/json. Meaning even if Service.ashx still existed, it would no longer accept ABCD passed in the way you listed above.

In theory, there might be a way to use a different web application to serve as a proxy at that location, perhaps offering an interface between the old request and the new version of ScreenConnect.

Quote:
If not, why not? Why should the API and interface change every version when it appears its the same variables needed?


Continuing, in version 5.0 we added the Extension framework to prevent situations just like this. Previously, the Service.ashx file you mentioned would have significant changes made with every minor release. We implemented an API for interacting with the Session Manager and we created tools to allow for the creation of custom web service methods within extensible packages that could easily be shared with other ScreenConnect users. Since this change, I cannot think of more than 2-3 changes we have made to the framework which would require extension developers to modify their code.

With this method, you can create an Extension that contains a WebService class defining a method to handle your requests. You can choose how to handle authentication and exactly how the result should be returned.

We have a few examples of similar code in a few locations on the forum, but this KB article is probably the most helpful.
ScreenConnect Team
Seth  
#3 Posted : Friday, March 3, 2017 10:20:53 PM(UTC)
Seth


Rank: Newbie

Joined: 6/20/2014(UTC)
Posts: 5
United States

So is there a config setting to "Un-harden" the webserver at least temporarily until a better fix can be rolled out?

Right now we are broken and cannot service our customers in multiple states.
Alexander  
#4 Posted : Tuesday, March 7, 2017 3:15:22 PM(UTC)
Alexander


Rank: Administration

Medals: Level 3: Shirt off your back! Received 25 Thanks!

Joined: 7/23/2013(UTC)
Posts: 711
Man
Location: Raleigh, NC

Was thanked: 66 time(s) in 63 post(s)
You can add the following in your web.config's appSettings (though we may remove this as well in the future):
<add key="WebServiceAllowHttpGetOperations" value="true" />
ScreenConnect Team
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.